While companies have an interest in monitoring employees to protect against security risks and harassment or discrimination, invasive techniques can decrease morale and increase stress. This article looks at some workplace privacy challenges and initiatives.

Tuesday, October 16, 2007

This overview on the issue of workplace privacy is from the Web site of the Electronic Privacy Information Center. The center also posts additional news and resources pertaining to employee surveillance and privacy:

Workers of the world are exposed to many types of privacy-invasive monitoring while earning a living. These include drug testing, closed-circuit video monitoring, Internet monitoring and filtering, e-mail monitoring, instant-message monitoring, phone monitoring, location monitoring, personality and psychological testing, and keystroke logging.

Employers do have an interest in monitoring in order to address security risks, sexual harassment, and to ensure the acceptable performance of employees. However, these activities may diminish employee morale and dignity, and increase worker stress.

The Modern Challenge of Workplace Privacy

While gone are the days when Henry Ford would inspect the homes of workers, employers have new means to acquire information about employees, and these new means require a re-evaluation of basic fairness in the employee-employer relationship.

Many workers are not protected with due-process guarantees against arbitrary discharge. Absent state law or contract, employers can often dismiss an employee for any reason, or no reason, even if the decision to terminate is based on false information.

At the same time, increased employee-monitoring powers raise the risk that false inferences can be drawn about employee contact. For instance, an employee might accidentally visit whitehouse.com, a pornographic Web site, while attempting to access whitehouse.gov.

An employee-network monitoring appliance can detect access to the inappropriate site, but not the intent of the employee.

With these new monitoring tools and potential to draw false inferences, it is important now more than ever for employees to have basic due process protections -- -the right of notice of the violation and some "opportunity to be heard."

This field is also nuanced. Employees may desire medical screening, including genetic screening, prior to employment.

For instance, in certain workplaces, it is possible to screen an employee for predispositions to disease that may be exacerbated by the presence of chemicals essential to the business.

Similarly, background checks are often appropriate for positions of trust, such as a police officer, but not appropriate for jobs unrelated to public safety or the handling of very large sums of money.

In the United States and many third-world countries, workers have very few privacy protections in law. There are few situations where an employee has a due-process right to access, inspect or challenge information collected or held by the employer.

There is a patchwork of state and federal laws that grant employees limited rights. For instance, under federal law, private-sector employees cannot be required to submit to a polygraph examination.

However, there are no general protections of workplace privacy except where an employer acts tortiously -- where the employer violates the employee's reasonable expectation of privacy.

European employers are bound by comprehensive data-protection acts that limit and regulate the collection of personal information on workers. These laws specifically call for purpose and collection limitations, accuracy of data, limits on retention of data, security, and protections against the transfer of data to countries with weaker protections. These protections place employees on a more equal footing while allowing employers to monitor for legitimate reasons.

The ILO Code: The Standard for Workers' Rights

In 1996, the International Labour Organization adopted a code of practice on the protection of workers' personal data. The ILO code is regarded as the standard among privacy advocates for protection of workers' privacy rights. The code specifies that workers' data should be collected and used consistently with Fair Information Practices. The protections include:

Newsletter Sign-Up:

Robert Ellis Smith, editor of the Privacy Journal, has created a model for U.S. employers that offers strong protections for workers' privacy.

Smith's model, which was presented to the Service Employees Union on Oct. 27, 2000, calls for annual notice to employees of the monitoring type, purpose and location, provisions for data destruction, audit trails and a right of action against an employer for invasion of privacy for violations of the principles.

U.S. Approaches, Legislation and Protections

In 1977, the Privacy Protection Study Commission, which was convened pursuant to the Privacy Act of 1974, issued a report covering workplace privacy.

The report recognized that employers collect a broad range of information on workers, and focused on delineating lines of fairness on the collection and use of employee information.

It also recognized that much had changed since the development of common law employment norms. America is no longer a country of the self-employed, but rather of employees who do not always have the power to bargain the terms of employment.

Quoting the Equitable Life Assurance Society of the United States, the PPSC's approach recognized that "people with a given employment status ... must adhere to many terms of employment set by the organization they work in if they are to work at all."

The PPSC pursued three public-policy objectives, and 34 recommendations to meet the objectives.

The objections were, first, to minimize intrusiveness in hiring, and specifically to reduce the practice of obtaining information about an employee from a third party, such as a credit-reporting agency. Second, to maximize fairness, by reducing use of arrest information and ensuring that information collected is accurate, complete, and timely. Third, the PPSC pursued the goal of creating a legitimate and enforceable expectation of confidentiality in employment records.

The Electronic Communications Privacy Act of 1986 is the only federal statute that offers workers protections in communications privacy.

ECPA prohibits the intentional interception of electronic communications. However, the ECPA contains loopholes that facilitate employee monitoring. First, employers are permitted to monitor networks for business purposes.

This enables employers to listen in on employee phone calls or to view employees' e-mail. Employers may not monitor purely personal calls, however, in order to determine that a call is personal, employers usually have to listen to portions of the employee's conversation.

Second, an employer may intercept communications where there is actual or implied employee consent. Consent has been found where there employer merely gives notice of the monitoring.